CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2014-7155 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7155
01 Oct 2014 — The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 4.4.x y anteriores no comprueba debidamente los permisos del modo de supervisor, lo que permite a usuarios locales ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2014-7156 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7156
01 Oct 2014 — The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. La función x86_emulate en arch/x86/x86_emulate/x86_emulate.c en Xen 3.3.x hasta 4.4.x no comprueba los permisos del modo de supervisión para las instrucciones que generan interrupciones de software, lo que permite a usua... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 21EXPL: 0CVE-2014-7154 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7154
01 Oct 2014 — Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. Condición de carrera en HVMOP_track_dirty_vram en Xen 4.0.0 hasta 4.4.x no asegura la posesión del bloqueo de guardar para el seguimiento RAM de vídeos sucios, lo que permite a dominios locales de huésped causar una denegación de servicio a través de vectores no especifi... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2014-7188 – Gentoo Linux Security Advisory 201412-42
https://notcve.org/view.php?id=CVE-2014-7188
01 Oct 2014 — The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. La función hvm_msr_read_intercept en arch/x86/hvm/hvm.c en Xen 4.1 hasta 4.4.x utiliza un rango MSR indebido para la emulación x2APIC, lo que permite a huéspedes HVM locales causar una denegación de servicio (caída del anfitrión) o le... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-5149 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-5149
22 Aug 2014 — Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146. Ciertas operaciones de la virtualización MMU en Xen 4.2.x hasta 4.4.x, cuando se utilizan las tablas de las páginas shadow, no son preferentes, lo que permite a huéspedes locales HVM causar una de... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-5146 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-5146
22 Aug 2014 — Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149. Ciertas operaciones de la virtualización MMU en Xen 4.2.x hasta 4.4.x anterior al patch xsa97-hap, cuando utiliza Hardware Assisted Paging (HAP), no son pre... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136980.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2014-4021 – xen: Hypervisor heap contents leaked to guests (xsa-100)
https://notcve.org/view.php?id=CVE-2014-4021
18 Jun 2014 — Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Xen 3.2.x hasta 4.4.x no limpia debidamente las páginas de memoria recuperadas de invitados, lo que permite a usuarios locales del sistema operativo invitado obtener información sensible a través de vectores no especificados. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by... • http://linux.oracle.com/errata/ELSA-2014-0926-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3967 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-3967
05 Jun 2014 — The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. La función HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x no comprueba debidamente el valor de retorno de la comprobación de configuraciones IRQ, lo que permite a administradores locales invitados de HVM causar una denegación de servicio (referencia a... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3968 – Gentoo Linux Security Advisory 201504-04
https://notcve.org/view.php?id=CVE-2014-3968
05 Jun 2014 — The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged. La función HVMOP_inject_msi en Xen 4.2.x, 4.3.x y 4.4.x permite a administradores locales invitados causar una denegación de servicio (caída de anfitrión) a través de un número grande de solicitudes manipuladas, lo que provoca que se registra un mensaje de error. Multiple vulnerabilit... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134710.html •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2014-3124 – Debian Security Advisory 3006-1
https://notcve.org/view.php?id=CVE-2014-3124
07 May 2014 — The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. El control HVMOP_set_mem_type en Xen 4.1 hasta 4.4.x permite a administradores HVM locales invitados causar una denegación de servicio (caída de hipervisor) o posiblemente ejecutar código arbitrario mediante el... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html • CWE-264: Permissions, Privileges, and Access Controls •